
AWS Certified Security - Specialty
Your AWS environment has detected suspicious activity on an EC2 instance. According to the AWS Security Incident Response Guide, what initial steps should be taken to isolate the compromised resource and prevent further damage?
Simulated
Explanation:
Isolating the instance by removing it from the security group and network ACLs ensures that the compromised resource cannot communicate with other resources in the network, thereby preventing further damage. Terminating the instance immediately might prevent the collection of necessary data for root cause analysis.